Claims

What is claimed is: 

1. A method of generating a representation of an access control list, the representation being
utilizable in a processor, the method comprising the steps of:

determining a plurality of rules of the access control list, each of at least a subset of
the rules having a plurality of fields and a corresponding action; and

processing the rules to generate a multi-level tree representation of the access control
list, each of one or more of the levels of the tree representation being associated with a corresponding
one of the fields;

wherein at least one level of the tree representation other than a root level of the tree
representation comprises a plurality of nodes, with at least two of the nodes at that level each having
a separate matching table associated therewith.

2. The method of claim 1 wherein the matching table comprises a longest prefix matching
(LPM) table.

3. The method of claim 1 wherein the plurality of fields comprises at least first and second 
fields, the first field comprising a source address field and the second field comprising a destination 
address field. 

4. The method of claim 1 wherein a final level of the tree representation comprises a 
plurality of leaf nodes, each associated with one of the actions of the plurality of rules. 

5. The method of claim 1 wherein the root level of the tree representation includes a plurality
of field values, each corresponding to a distinct source address in a first field of the plurality of rules.



Kumar 5-5 

6. The method of claim 5 wherein a second level of the tree representation includes a 
plurality of nodes, each being associated with a subtree of a given one of the distinct source 
addresses of the root level of the tree. 

7. The method of claim 6 wherein a given one of the second level subtrees identifies one or
more destination addresses to be examined if the corresponding root level source address matches
a source address of a given received packet.

8. The method of claim 1 wherein a matching table at a given level of the tree representation
other than a root level of the tree representation comprises at least a portion of a subtree identified
by a particular field value from an immediately previous level.

9. The method of claim 1 wherein the tree representation is generated by associating a first
node at the root level with a given value in a first field of one of the plurality of rules, and then
processing remaining field values sequentially, with each value in turn being compared to one or
more existing values at the appropriate node(s) of the tree representation to determine if a match
exists, and associating that value with a matching table at one of the nodes of the tree representation
based at least in part on the determination.

10. The method of claim 1 wherein at each of at least a subset of the nodes of the tree
representation having a separate matching table associated therewith, values in the matching table
are arranged in order of decreasing specificity.

11. The method of claim 1 wherein the corresponding actions include at least an accept
action and a deny action.

12. The method of claim 1 further including the step of storing at least a portion of the tree 
representation in memory circuitry accessible to the processor. 

13. The method of claim 1 further including the step of utilizing the stored tree 
representation to perform an access control list based function in the processor. 

14. The method of claim 13 wherein the access control list based function comprises packet 
filtering. 

15. An apparatus configured for performing one or more processing operations utilizing a 
representation of an access control list, the access control list comprising a plurality of rules, each 
of at least a subset of the rules having a plurality of fields and a corresponding action, the apparatus 
comprising: 

a processor having memory circuitry associated therewith; 

the memory circuitry being configured for storing at least a portion of a multi-level 
tree representation of the access control list, each of one or more of the levels of the tree 
representation being associated with a corresponding one of the fields; 

the processor being operative to utilize the stored tree representation to perform an 
access control list based function; 

wherein at least one level of the tree representation other than a root level of the tree 
representation comprises a plurality of nodes, with at least two of the nodes at that level each having 
a separate matching table associated therewith. 

16. The apparatus of claim 15 wherein the access control list based function comprises 
packet filtering. 

17. The apparatus of claim 15 wherein the memory circuitry comprises at least one of 
internal memory and external memory of the processor. 

18. The apparatus of claim 15 wherein the processor comprises a network processor. 

19. The apparatus of claim 15 wherein the processor is configured as an integrated circuit.

20. An article of manufacture comprising a machine-readable storage medium having
program code stored thereon, the program code generating a representation of an access control list,
the representation being utilizable in a processor, wherein the program code when executed
implements the steps of:

determining a plurality of rules of the access control list, each of at least a subset of
the rules having a plurality of fields and a corresponding action; and

processing the rules to generate a multi-level tree representation of the access control
list, each of one or more of the levels of the tree representation being associated with a corresponding
one of the fields;

wherein at least one level of the tree representation other than a root level of the tree 
representation comprises a plurality of nodes, with at least two of the nodes at that level each having 
a separate matching table associated therewith. 
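
An added sketch of the structure the claims describe (example code, not taken from the patent): a two-level tree with the source address at the root level, a separate destination matching table at each second-level node, tables ordered by decreasing specificity, and leaves holding the action. The rule set, the function names, the handling of duplicate rules, the fallback to a less specific source prefix and the implicit deny are assumptions of this example.

```python
import ipaddress

# Constructed sample rules: (source prefix, destination prefix, action).
RULES = [
    ("10.1.0.0/16", "192.168.1.0/24", "deny"),
    ("10.1.0.0/16", "0.0.0.0/0", "accept"),
    ("10.0.0.0/8", "192.168.0.0/16", "accept"),
    ("10.0.0.0/8", "192.168.1.128/25", "deny"),
    ("0.0.0.0/0", "203.0.113.0/24", "accept"),
]

def build_tree(rules):
    """Return the root level as [(src_net, dst_table), ...].

    Every distinct source prefix becomes a root-level value whose
    second-level node owns a separate destination matching table.
    Both levels are sorted most-specific first, so the first hit in a
    table is the longest-prefix match.
    """
    root = {}
    for src, dst, action in rules:
        table = root.setdefault(ipaddress.ip_network(src), {})
        # Assumption: for a duplicate (src, dst) pair the earlier rule wins.
        table.setdefault(ipaddress.ip_network(dst), action)
    by_len = lambda item: item[0].prefixlen
    return [(src_net, sorted(table.items(), key=by_len, reverse=True))
            for src_net, table in sorted(root.items(), key=by_len, reverse=True)]

def lookup(tree, src_ip, dst_ip, default="deny"):
    """Walk source level, then that node's destination table, to a leaf action."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_table in tree:            # level 1: source address
        if src not in src_net:
            continue
        for dst_net, action in dst_table:      # level 2: destination address
            if dst in dst_net:
                return action                  # leaf node: the rule's action
        # Assumption: no destination hit under this source, so fall back
        # to the next less specific source prefix instead of stopping.
    return default                             # Assumption: implicit deny

TREE = build_tree(RULES)
```

Matching here is by prefix specificity, not by rule order, so the 10.0.0.0/8 deny for 192.168.1.128/25 takes effect even though a broader accept precedes it in the list; a first-match ACL would decide that packet differently.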